For some reason gpg gen-key still defaults to SHA1 and RSA2048, due to the known weaknesses of SHA1 it is probably a better idea to use SHA256.
First of all, we need to create a configuration file.

cat ~/.gnupg/gpg.conf"
---
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

To generate a new key type (also specify to use RSA 4096):

gpg --gen-key
### or
gpg --full-generate-key

Other useful commands are:

### Displays keys and short key IDs
gpg --list-keys
### Displays the full fingerprint of the specified key
gpg --fingerprint <short key ID>
### Remove GPG key from the local keyring
gpg --delete-secret-keys 2DA06294
gpg --delete-keys 2DA06294
### Export keys
$ gpg --output mygpgkey_pub.gpg --armor --export <short key ID>
$ gpg --output mygpgkey_sec.gpg --armor --export-secret-key <short key ID>

Those two .gpg files can now be imported in Thunderbird’s Enigmail or moved to other machines to be imported in the local keyring.

Resources

https://keyring.debian.org/creating-key.html

uwot.eu

Generate a secure GPG key

Resources